TechBlog

Join me as I explore the fascinating world of technology. This TechBlog is where I share my knowledge and insights on topics like Linux, frontend and backend development, and more. Whether you’re a beginner or an experienced tech enthusiast, there’s something here for you.


Flash, Christmas and the new year

Published: January 6, 2010 Reading Time: 1 min

We see spam all the time. One of the most dependable things spammers do is try to exploit newsworthy events and holidays. Recently we have seen spammers spreading malware using fake Flash updates, Christmas scams, or a combination of both. Add one more to that list. Take, for example, a spam I received today. The email wishes the recipient a Merry Christmas and a Happy New Year, and then displays the following screen in an attempt to entice the user to click on the message. ...


Thrice Bitten, Not Shy

Published: January 6, 2010 Reading Time: 2 min

The one subset of malware which does not immediately seem motivated by financial incentives is the autorun worm. In fact the raison d'être for this class of malware seems lodged in the annals of yesteryear; summarised in three words it could be "naive script-kiddy kudos". Unlike the propagators of other classes of malware, i.e., professional criminals, the writers of autorun worms are amateurish upstarts. Ample evidence for this assertion may be found in a recent sample of Sohana, a family of autorun worms, which was cloaked in three layers of known virus infections: the ancient W32/Flcss over W32/Scribble-B over W32/Impair-A. ...


Glike NOT

Published: January 6, 2010 Reading Time: 1 min

This is an interesting sample, caught by our honeypots. The file comes as a zip archive from qtpom{removed}.tripod.com/codec.zip, which once extracted looks like this: It is almost undetected. Virus Total report here. Truth be told, no blatant sign of malware activity is noticed at first until this: What the heck? This is not my Google home page. And what are those tabs up there: “Pharmacy”, “Casino”? The malware modifies the Windows hosts file to redirect popular sites to glike.net (IP: 92.241.164.9, Russian Federation). ...
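The hosts-file hijack described above is easy to check for. The following is an added example, not code from the original post: it parses a hosts file and flags any well-known domain that has been pointed at a routable address (loopback and 0.0.0.0 entries are the file's normal, benign uses). The sample hosts content is constructed for this example; the only value taken from the post is the 92.241.164.9 address it associates with glike.net, and the WATCHED_DOMAINS list is an illustrative assumption, not the set of sites that sample actually redirected.

```python
"""Hosts-file hijack check (added example; not the original post's code)."""
import ipaddress
from typing import Dict, List, Tuple

# Illustrative set of domains an attacker would want to redirect; this is an
# assumption for the example, not the list from the Glike sample.
WATCHED_DOMAINS = {
    "google.com", "www.google.com", "bing.com", "yahoo.com",
    "facebook.com", "microsoft.com", "update.microsoft.com",
    "sophos.com", "mcafee.com", "symantec.com", "virustotal.com",
}

# Constructed sample hosts file. 92.241.164.9 is the address the post
# names for glike.net; the domain mappings here are made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
92.241.164.9    www.google.com google.com
92.241.164.9    virustotal.com  # blocks second opinions
0.0.0.0         ads.example.net
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, ignoring comments, blanks and bad lines."""
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        ip = fields[0]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address field, skip the line
        # One address may be followed by several names and aliases.
        for host in fields[1:]:
            pairs.append((ip, host.lower()))
    return pairs


def find_hijacks(text: str, watched=WATCHED_DOMAINS) -> Dict[str, str]:
    """Map each watched hostname that resolves to a routable address."""
    hits: Dict[str, str] = {}
    for ip, host in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        # localhost (127.0.0.1 / ::1) and sinkhole (0.0.0.0 / ::) entries
        # are the legitimate uses of the hosts file; anything else for a
        # watched name means traffic is being steered elsewhere.
        if addr.is_loopback or addr.is_unspecified:
            continue
        if host in watched or any(host.endswith("." + d) for d in watched):
            hits[host] = ip
    return hits


def check_hosts_file(path: str) -> Dict[str, str]:
    """Run the check against a real hosts file on disk."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return find_hijacks(fh.read())


if __name__ == "__main__":
    for host, ip in sorted(find_hijacks(SAMPLE_HOSTS).items()):
        print(f"SUSPICIOUS: {host} -> {ip}")
```

On a live system, point check_hosts_file at C:\Windows\System32\drivers\etc\hosts (or /etc/hosts) and compare the result with what the site resolves to from a clean machine; a short hosts file with a single foreign address repeated across several search engines and security vendors is the signature this sample leaves.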


Antivirus PC 2009

Published: January 6, 2010 Reading Time: 1 min

Antivirus PC 2009 is the latest rogue security software to hit the internet. It is a complete scam designed to harass PC users into buying the corrupt software. Antivirus PC 2009 tries to trick people into thinking that their PC is infected with malware and recommends purchasing or registering the software to remove the malware. It shows false scan results that report numerous infections. It also displays annoying popups and system alerts that state the PC is infected, under attack or not protected with antivirus software, and recommends buying Antivirus PC 2009. Antivirus PC 2009 will also prevent other programs from opening, even the web browser, making it impossible to use the internet and rendering the PC nearly useless. ...


Fake Alert Uses McAfee-like Domain Name to Attract Victims

Published: January 6, 2010 Reading Time: 1 min

Cybercriminals love to use social engineering techniques to trick users into installing their malware. One of the latest fake-alert variants attempts to trick users into believing the software is related to or hosted by McAfee: mcafeevirusremover.com. The script hosted by the domain can attack the Windows browsers Internet Explorer, Mozilla SeaMonkey, and Chrome. The script also affects browsers on Linux platforms. This fake-alert variant is hosted on at least 13 other known domains. McAfee's TrustedSource blocks the IP addresses and the domains (including DNS and mail servers) associated with this Trojan. For example: ...


No More Dragons: the 26th Chaos Communication Congress Ends

Published: January 6, 2010 Reading Time: 2 min

With a dazzling laser show, the 26th Chaos Communication Congress (26c3) in Berlin, the last big security conference of 2009, has ended. If you haven't been here, you might have missed fewer of the sessions than people on site, thanks to the worldwide availability of live streams (and recordings). What you did miss was meeting all these people, though! 26c3 has simply outgrown the location it has occupied for the last few years, but this may be offset by a very successful experiment: allowing full remote access to the conference network via VPN for those who couldn't attend. Other conferences should consider this (hey, Defcon team, are you reading this? 😉 ) as well, especially as air travel becomes less and less attractive. ...


Seen in the wild: Specialty phishing

Published: January 6, 2010 Reading Time: 1 min

From a site that is hacked and serving phishes: What's mildly interesting is the types of phishes — "specialty phishes" that are not your typical banking/finance scam. These are phishes that are highly targeted, in this case at the email systems of tiny Hamilton College (not the first time I've seen this), the religious site cfaith.com, Saginaw Valley State University, and Villanova. cfaith: SVSU and Villanova ...


2010 prediction roundup

Published: January 6, 2010 Reading Time: 5 min

It’s the time of year to make predictions. I only have one: in 2010, governments around the world will BEGIN to increase their efforts to do something about the massive malware threat that every Internet user on the planet faces. It’s going to be controversial and difficult legally and technically. It’s going to cost serious tax money, political capital and diplomatic work to counter this crime wave that is like nothing the world has ever known. ...


GreatDefender

Published: January 6, 2010 Reading Time: 1 min

GreatDefender is a great big scam. GreatDefender is the latest rogue antispyware software, or phony security program, that rips people off. If GreatDefender has infected your computer, do not buy the software; remove it immediately. GreatDefender uses scare tactics to frighten people into buying this corrupt software. These scare tactics include:

- System scans that report numerous infections, yet require purchase of GreatDefender before it will remove them (these scan results are fictitious).
- Alerts and pop-up system warnings stating the PC is infected and recommending purchase of GreatDefender (these warnings are fake).
- Web browser redirects to random websites (these websites are owned by cyber thieves and will further infect your PC).
- Blocking other programs from opening, claiming they are infected (the programs are not infected).

If your Windows PC is infected with this malware, you should remove it as soon as possible.


Safe Computing Tips For All

Published: December 31, 2009 Reading Time: 3 min

Jerome Segura, a Security Analyst at ParetoLogic of Victoria, B.C., Canada, just posted a nice piece on computer security practices with a different perspective in his "Malware Diaries" blog. He begins his list of security tips by considering four classes of users:

- The pre-baby boomers: These folks rarely touched a computer in their lives, and if they did, kudos! Typical use: Work, Solitaire, Printing stuff.
- The early and late baby boomers: They have been interacting with computers pre-Internet and have good notions but lack the 'modern day stuff'. Typical use: Work, e-mail, Online searches.
- The 70's – 80's users: These guys are definitely into computers, maybe a bit more gaming and such. They possess quite a good sense of computing. Typical use: Games, Work, E-mail, Online Dating, Forums.
- 90's to present: Some of them were born with a computer or handheld device. Their lives would not be possible without the MSN, Skype and more recently all the social engineering glitter. Typical use: Twittering, Facebooking, Online shopping.

He then makes further distinctions by level of security knowledge and awareness: ...
